Hackers could hijack devices using a laptop’s USB-C charger
Many recent laptops use a USB-C port for charging, which is a convenient and fast way of topping up a notebook’s battery, but it appears that this method of charging could be exploited by hackers.
As the BBC reports, a security researcher known as ‘MG’ has shown how a laptop charger that plugs into the USB-C port (in this case the charger belonged to a MacBook) can be altered to hijack the computer it is plugged into.
MG added small components to the charger, which power up when it is connected to the laptop. The laptop continues to charge as normal, which means the user would not be aware that anything untoward was happening.
MG posted a video of this demonstration, which you can watch below. The vulnerability is apparently cross-platform, so it could infect any laptop, no matter what operating system it uses.
Demo of a work in progress. I’m looking for help with writing payloads. Come chat with me at @defcon if you’d like to collaborate. Power adapter. Silent infection. Cross platform. Not just Apple hardware. Project page with info: https://t.co/b62N5cWVSG 1/n pic.twitter.com/pxwrb9o9HU (August 3, 2018)
With the hacked power adapter plugged into the laptop, the device displayed a fake login screen that could be used to gain people’s usernames and passwords.
Thankfully, MG’s device is just an example of what could be made – they haven’t actually used it for nefarious purposes. The BBC met MG at Def Con, where ethical hackers meet to highlight security vulnerabilities they’ve found.
MG wants to work with researchers to look at how this vulnerability could be used by hackers, and how to prevent it, and they are careful not to reveal details about the hack in case it inspires any malicious users to try it out.
Talking to the BBC, MG suggests that there should be a way for laptops to make the user aware when something is being plugged in. “When you plug in a device and it’s automatically trusted, that may not be a good idea […] We could start doing some level of trust-based pairing that we see with Bluetooth devices, or some level of firewall so that at least the first time a new device is plugged in you should be alerted.”
Being conscious of what you’re plugging into your laptop is always good advice, and you should never plug a USB device you find lying around into your machine. So, if you see an abandoned USB-C laptop charger, you’d be wise to leave it alone, no matter how desperate for battery life you are.